All Questions
Tagged with azure-ad-b2c jwt
97
questions
0
votes
1
answer
42
views
B2C Custom Policy REST API error - Bad Request
I have a B2c Custom policy defined that is supposed to call a token endpoint. Here is how I have tried to configure the policy:
<TechnicalProfile Id="GetTokenInformation">
<...
0
votes
1
answer
56
views
Azure B2C custom IEF Profile not saving displayName when created from givenName and surname
We have a problem we are trying to resolve today. Hopefully someone with more experience can point us in the right direction.
We have a custom policy that creates the display name from the givenName ...
0
votes
1
answer
291
views
How to override TokenValidationParameters.SignatureValidator, look at a condition and fallback on default behavior if the conditon isn't met?
I'm doing a .Net 6 API and I'm playing with JWT tokens right now for authentication/authorization.
For automatic test purposes, I want to allow a secure backdoor. The backdoor in question is that if ...
1
vote
2
answers
63
views
B2C: Audience claim is formatted differently when using a client credential vs authorization flow
I'm getting the same value but s differently formatted aud claim of my JWT when using client_credential and authorization_code grant types when using the same client id and requested scope using B2C ...
0
votes
2
answers
222
views
Is it possible to use the token that AD B2C is going to Issue within the Custom policies to call Rest techinical profile for authentication?
I have a REST API which is protected by AD B2C and I want to consume the API with in the custom policies. Is it possible to use the B2C token as a bearer token to call the api in the REST technical ...
0
votes
0
answers
75
views
Difference in time obtained from nbf claim while validating azure b2c token on the server
While validating claim obtained from the azure b2c token using PKCE flow, the nbf claim is actually greater than the current time(the server time) .
I am getting b2c token after validation from custom ...
0
votes
1
answer
3k
views
Token Signature Validation Failing Reported that Token Does Not Have a Kid
In setting up a web service to take in a token generated from a B2C call to https://login.microsoftonline.com/{tenant Id}/oauth2/v2.0/token I keep getting the IDX10503 error.
I generate the token in ...
0
votes
0
answers
146
views
Azure B2C OAuth vs Hubspot JWT
I have an Azure B2C instance configured. We use the Identity Experience Framework, because of some custom user journeys we have configured.
In Hubspot, I am trying to verify SSO for private content on ...
0
votes
1
answer
48
views
Security of JWT token and AzureB2C
I have a .net Core API and Next.JS frontend (with MSAL). I use Azure AdB2C for authenticating users. Currently I'm thinking about storing the roles of the user and the organization Id / Tenant Id for ...
0
votes
1
answer
130
views
Using JwtBearerOption MetadataAddress with Google
I've used Azure AD B2C successfully for my API.
Until now I obtainted the signing key by setting the JwtBearerOptions.MetadataAddress to https://<mytentant>/v2.0/.well-known/openid-configuration
...
1
vote
1
answer
771
views
APIM JWT Validate Policy Key Issuer Issue
I am using APIM to validate JWT Tokens and here is my policy looks
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message=&...
1
vote
1
answer
449
views
Is it safe to cache public key used to sign a token in Azure AD B2C?
I have a Single Page Application (SPA) protected by Azure AD B2C. Using MSAL, I am getting the id token on the client side which I am sending to the backend API on each request.
I would like to ...
2
votes
4
answers
2k
views
Does Azure AD B2C support "roles" claim in JWT tokens for authorization?
I'm exploring Azure AD B2C in a learning environment, and I'm currently exploring a requirement related to the inclusion of a "roles" claim in JWT tokens for the purpose of authorization. My ...
0
votes
1
answer
83
views
Azure Function multiple JWT issuers
I have an Azure Function v4 which is using JwtBinding attribute
[JwtBinding("%JwtBinding:Issuer%", "%JwtBinding:Audience%")] AuthorizedModel auth
from HexMaster.Functions....
0
votes
1
answer
245
views
how to handle the scenario web api 1 calling web api 2 while azure b2c doesn't support "on behalf of"
Since B2C on behalf of is not supported, what are the options of passing in a secure way using the azure infrastructure the identity of a user downstream?
After Web app --> Web Api 1, B2C cannot ...